[SLUG] Default access rights.... (questions from a newbie - continued)

From: Patrick Grantham (pwgrant@yahoo.com)
Date: Mon Dec 24 2001 - 08:13:07 EST


Thanks this will give good information on direction. What about .jsp or
.php should they be granted execute rights? I am a bit embarrassed to admit
that I don't fully understand Unix implementation of file security. I
understand the basic (how to read it ls -lF, just not the affects of file
security on other apps , such as apache.) I presume that server-side
scripting would need "x" rights.

Thanks for reference to the "Howto"

----- Original Message -----
From: "steve" <steve@itcom.net>
To: <slug@nks.net>
Sent: Monday, December 24, 2001 7:08 AM
Subject: Re: [SLUG] The infamous test msg (is this getting to the list?

> On Sunday 23 December 2001 11:23 pm, you wrote:
> > I've set up a suse-Linux box as a web server. Problem is new files that
> > are created do not have proper rights properties to served why the
apache
> > unless manually set via a telnet session. How can I set the default
rights
> > for "all" users to rx (read and execute) and group rights for rwx for
NEW
> > files automatically? I've been searching through man pages, but can
seem
> > to find it.
>
> Why would you want html files to be executable? They are read by apache,
not
> executed by bash. Though a directory needs x to grant access.
>
> Just a quick note on Apache...
>
> I've never had a rpm version work as needed so I've always ended up
compiling
> it. Actually not hard and you get just the right.
>
> Next I also end up using shell scripts to automate things. This way I can
> have my servers work just the way I like it.
>
> As far as rights you can set the default new user settings by configure
> /etc/default/useradd
> /etc/security/(files)
> /etc/skel
> /etc/pam.d
> and so on
> Go through /etc/rc.config as many things are set in here on SuSE.
>
> It all depends on what you are doing with that box. How it will be used.
The
> effort of customizing in some way makes it harder to use in some other
way.
> I first sit down and figure out my use and what type of setup will be the
> best way to go. It laso has a lot to do about what kind of security is
> needed. As /usr/share/doc/howto/en/html_single/Config-HOWTO.html says
> "security is a vast subject".
>
> Also very important. Stop using telnet. Disable it on ALL servers. Change
to
> ssh. It also replaces ftp. As you probably know mail, telnet and ftp all
send
> the password in clear text. VERY easy to steal.
>



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:21:04 EDT